Calling CreateFile / DeviceIOControl from a limited user accou
in [Device Drivers]
|
Prev: HID minidriver with multiple report descriptors
Next: Is it a Bug for DTM in USB Digital TV Tuner Card Testing
From: Matthew Townsend on 9 Mar 2007 10:57 I have modified the inf for my driver giving Generic all access to the World (Everyone) but that did not make a difference. So what you are saying is that there is no way to grant a limited user the rights to run code that connects to a driver without making them an administrator? -- Matthew Townsend General Dynamics "Anton Bassov" wrote: > You have to grant a current user a permission to access your driver by > modifying its ACL - check access control functions on MSDN for more info. > Please note that the code that does the above has to run on the account with > admin privileges. > > Anton Bassov > > "Matthew Townsend" wrote: > > > I need to be able to open a handle to a driver and communicate with it via > > IOCTLs. This needs to be done from a limited user account on Windows XP Pro > > SP2. > > I have a solution working when running from an administrator account but I > > can't get it to work from the limited user account and I cannot find any > > security settings the allow access. > > > > Is there a security setting of some sort that I can set to allow this > > functionality? > > > > Thank you. > > -- > > Matthew Townsend > > General Dynamics
From: Anton Bassov on 11 Mar 2007 00:41
> So what you are saying is that there is no way to grant a limited user the > rights to run code that connects to a driver without making them an > administrator? Actually, I am saying exactly the opposite - as long as driver's ACL allows restricted users to access it, there is no problem here whatsoever. The only thing I am saying is that the code that adjust driver's original ACL has to be run by user with Admin rights.... In fact, you ask your question in the wrong NG - this is purely a user-mode issue, so that an answer to your question lies with SDK (namely, Access Control Functions), rather than with DDK/WDK Anton Bassov "Matthew Townsend" wrote: > I have modified the inf for my driver giving Generic all access to the World > (Everyone) but that did not make a difference. > > So what you are saying is that there is no way to grant a limited user the > rights to run code that connects to a driver without making them an > administrator? > > -- > Matthew Townsend > General Dynamics > > > "Anton Bassov" wrote: > > > You have to grant a current user a permission to access your driver by > > modifying its ACL - check access control functions on MSDN for more info. > > Please note that the code that does the above has to run on the account with > > admin privileges. > > > > Anton Bassov > > > > "Matthew Townsend" wrote: > > > > > I need to be able to open a handle to a driver and communicate with it via > > > IOCTLs. This needs to be done from a limited user account on Windows XP Pro > > > SP2. > > > I have a solution working when running from an administrator account but I > > > can't get it to work from the limited user account and I cannot find any > > > security settings the allow access. > > > > > > Is there a security setting of some sort that I can set to allow this > > > functionality? > > > > > > Thank you. > > > -- > > > Matthew Townsend > > > General Dynamics |